package com.medical.data.config;


import com.medical.data.component.MyPasswordEncoder;
import com.medical.data.fiflter.JwtAuthenticationTokenFilter;
import com.medical.data.handler.AccessDeniedHandlerImpl;
import com.medical.data.handler.AuthenticationEntryPointImpl;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.stereotype.Component;

@Configuration
@Component
@EnableWebSecurity  //开启springsecurity
//@EnableGlobalMethodSecurity(prePostEnabled = true,securedEnabled = true, jsr250Enabled = true)  //开启权限验证功能
public class WebConfig extends WebSecurityConfigurerAdapter {


    @Autowired
    private UserDetailsService userDetailsService;

    @Autowired
    private MyPasswordEncoder myPasswordEncoder;

    @Autowired
    private AccessDeniedHandlerImpl accessDeniedHandler;

    @Autowired
    private AuthenticationEntryPointImpl authenticationEntryPoint;

    @Autowired
    private JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter;

    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }



    //配置忽略哪些路由
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().mvcMatchers(
                "/api/**",
                "/swagger-resources/**", "/webjars/**", "/v2/**", "/swagger-ui.html/**",
                "/user/getPublicKey",
                "/user/updatePassword",
                "/doc.html/**",
                "/favicon.ico",
                "/checker/admin/Add",
                "/static/**",
                "/css/**",
                "/js/**",
                "/img/**",
                "/swagger-ui/**",
                "/swagger-ui/index.html",
                "/swagger-ui/index.html/**",
                "/v3/**",
                "/upload/**",
                "/admin/user/login",
                 "/front/statistics/get",
                "/front/user/loginUser",
                "/front/user/reg",
                "/front/satelite/getSatelites",
                "/front/distanct/getCurRoundSatelite",
                "/front/satelite/getSateliteJson"
//                "/admin/**"
        );
    }

    //配置路由拦截以及拦截器重写

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                //关闭csrf
                .csrf().disable()
                .cors().and() //springSecurity跨域
                .authorizeRequests()
                // 对于登录接口 允许匿名访问
                .antMatchers("/front/satelite/test").permitAll()
                // 除上面外的所有请求全部需要鉴权认证
                .anyRequest().authenticated();
        //监测token是否存在
        http.addFilterBefore(jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
        http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint).accessDeniedHandler(accessDeniedHandler);
    }

    //自定义密码和自定义登录接口配置
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(myPasswordEncoder);
    }

}
